Skip to content

build: update scorecard action dependencies (#31409) #6051

build: update scorecard action dependencies (#31409)

build: update scorecard action dependencies (#31409) #6051

Workflow file for this run

name: CI
on:
push:
branches:
- main
- '[0-9]+.[0-9]+.x'
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
permissions: {}
defaults:
run:
shell: bash
jobs:
lint:
runs-on: ubuntu-latest
steps:
- name: Initialize environment
uses: angular/dev-infra/github-actions/npm/checkout-and-setup-node@1f047e7dbae43ea969c2cafb53b33207e86b800f
with:
cache-node-modules: true
- name: Install node modules
run: pnpm install --frozen-lockfile
- name: Checking package externals
run: |
bazel build //:package_externals
pnpm check-package-externals $(bazel info bazel-bin)/package_externals.json
- name: Checking entry-points configuration
run: |
bazel build //:entry_points_manifest
pnpm check-entry-point-setup $(bazel info bazel-bin)/entry_points_manifest.json
- name: Check OWNERS file
run: pnpm ownerslint
- name: Check for component id collisions
run: pnpm detect-component-id-collisions
- name: Check style lint
run: pnpm stylelint
- name: Check code lint
run: pnpm tslint
- name: Check for circular dependencies
run: pnpm -s ts-circular-deps:check
- uses: ./.github/actions/slack
if: failure()
with:
JOB_NAME: 'Lint check'
SLACK_BOT_TOKEN: ${{ secrets.ANGULAR_ROBOT_SLACK_TOKEN }}
api_golden_checks:
runs-on: ubuntu-latest
steps:
- name: Initialize environment
uses: angular/dev-infra/github-actions/npm/checkout-and-setup-node@1f047e7dbae43ea969c2cafb53b33207e86b800f
with:
cache-node-modules: true
- name: Setup Bazel
uses: angular/dev-infra/github-actions/bazel/setup@1f047e7dbae43ea969c2cafb53b33207e86b800f
- name: Setup Bazel RBE
uses: angular/dev-infra/github-actions/bazel/configure-remote@1f047e7dbae43ea969c2cafb53b33207e86b800f
with:
google_credential: ${{ secrets.RBE_TRUSTED_BUILDS_USER }}
- name: Install node modules
run: pnpm install --frozen-lockfile
- name: Check API Goldens
run: pnpm bazel test goldens/...
- uses: ./.github/actions/slack
if: failure()
with:
JOB_NAME: 'API Golden Checks'
SLACK_BOT_TOKEN: ${{ secrets.ANGULAR_ROBOT_SLACK_TOKEN }}
e2e:
runs-on: ubuntu-latest
steps:
- name: Initialize environment
uses: angular/dev-infra/github-actions/npm/checkout-and-setup-node@1f047e7dbae43ea969c2cafb53b33207e86b800f
with:
cache-node-modules: true
- name: Setup Bazel
uses: angular/dev-infra/github-actions/bazel/setup@1f047e7dbae43ea969c2cafb53b33207e86b800f
- name: Setup Bazel RBE
uses: angular/dev-infra/github-actions/bazel/configure-remote@1f047e7dbae43ea969c2cafb53b33207e86b800f
with:
google_credential: ${{ secrets.RBE_TRUSTED_BUILDS_USER }}
- name: Install node modules
run: pnpm install --frozen-lockfile
- name: Run e2e tests
run: pnpm e2e --flaky_test_attempts=2
- uses: ./.github/actions/slack
if: failure()
with:
JOB_NAME: 'E2E test'
SLACK_BOT_TOKEN: ${{ secrets.ANGULAR_ROBOT_SLACK_TOKEN }}
integration:
runs-on: ubuntu-latest
steps:
- name: Initialize environment
uses: angular/dev-infra/github-actions/npm/checkout-and-setup-node@1f047e7dbae43ea969c2cafb53b33207e86b800f
with:
cache-node-modules: true
- name: Setup Bazel
uses: angular/dev-infra/github-actions/bazel/setup@1f047e7dbae43ea969c2cafb53b33207e86b800f
- name: Setup Bazel RBE
uses: angular/dev-infra/github-actions/bazel/configure-remote@1f047e7dbae43ea969c2cafb53b33207e86b800f
with:
google_credential: ${{ secrets.RBE_TRUSTED_BUILDS_USER }}
- name: Install node modules
run: pnpm install --frozen-lockfile
- name: Run integration tests
run: pnpm integration-tests
continue-on-error: true
- uses: ./.github/actions/slack
if: failure()
with:
JOB_NAME: 'Integration test'
SLACK_BOT_TOKEN: ${{ secrets.ANGULAR_ROBOT_SLACK_TOKEN }}
test:
runs-on: ubuntu-latest-16core
steps:
- name: Initialize environment
uses: angular/dev-infra/github-actions/npm/checkout-and-setup-node@1f047e7dbae43ea969c2cafb53b33207e86b800f
with:
cache-node-modules: true
- name: Setup Bazel
uses: angular/dev-infra/github-actions/bazel/setup@1f047e7dbae43ea969c2cafb53b33207e86b800f
- name: Setup Bazel RBE
uses: angular/dev-infra/github-actions/bazel/configure-remote@1f047e7dbae43ea969c2cafb53b33207e86b800f
with:
google_credential: ${{ secrets.RBE_TRUSTED_BUILDS_USER }}
- name: Install node modules
run: pnpm install --frozen-lockfile
- name: Run tests
run: bazel test --build_tag_filters=-e2e --test_tag_filters=-e2e --build_tests_only -- src/...
- uses: ./.github/actions/slack
if: failure()
with:
JOB_NAME: 'Test'
SLACK_BOT_TOKEN: ${{ secrets.ANGULAR_ROBOT_SLACK_TOKEN }}
build:
runs-on: ubuntu-latest-16core
steps:
- name: Initialize environment
uses: angular/dev-infra/github-actions/npm/checkout-and-setup-node@1f047e7dbae43ea969c2cafb53b33207e86b800f
with:
cache-node-modules: true
- name: Setup Bazel
uses: angular/dev-infra/github-actions/bazel/setup@1f047e7dbae43ea969c2cafb53b33207e86b800f
- name: Setup Bazel RBE
uses: angular/dev-infra/github-actions/bazel/configure-remote@1f047e7dbae43ea969c2cafb53b33207e86b800f
with:
google_credential: ${{ secrets.RBE_TRUSTED_BUILDS_USER }}
- name: Install node modules
run: pnpm install --frozen-lockfile
- name: Run tests
run: bazel build --build_tag_filters=-docs-package,-release-package -- src/...
- uses: ./.github/actions/slack
if: failure()
with:
JOB_NAME: 'Build'
SLACK_BOT_TOKEN: ${{ secrets.ANGULAR_ROBOT_SLACK_TOKEN }}
publish_snapshots:
runs-on: ubuntu-latest-4core
steps:
- name: Initialize environment
uses: angular/dev-infra/github-actions/npm/checkout-and-setup-node@1f047e7dbae43ea969c2cafb53b33207e86b800f
with:
cache-node-modules: true
- name: Setup Bazel
uses: angular/dev-infra/github-actions/bazel/setup@1f047e7dbae43ea969c2cafb53b33207e86b800f
- name: Setup Bazel RBE
uses: angular/dev-infra/github-actions/bazel/configure-remote@1f047e7dbae43ea969c2cafb53b33207e86b800f
- name: Install node modules
run: pnpm install --frozen-lockfile
- name: Build and Verify Release Output
run: pnpm build-and-check-release-output
- name: Verify tooling setup
run: pnpm check-tooling-setup
- name: Build Docs Content
run: pnpm build-docs-content
- name: Build Docs Content
run: pnpm build-docs-content
- name: Publish Snapshots
run: ./scripts/circleci/publish-snapshots.sh
env:
SNAPSHOT_BUILDS_GITHUB_TOKEN: ${{ secrets.SNAPSHOT_BUILDS_GITHUB_TOKEN }}
- uses: ./.github/actions/slack
if: failure()
with:
JOB_NAME: 'Snapshot publishing'
SLACK_BOT_TOKEN: ${{ secrets.ANGULAR_ROBOT_SLACK_TOKEN }}
deploy_doc_site:
runs-on: ubuntu-latest-4core
steps:
- name: Initialize environment
uses: angular/dev-infra/github-actions/npm/checkout-and-setup-node@1f047e7dbae43ea969c2cafb53b33207e86b800f
with:
cache-node-modules: true
# See: https://github.com/puppeteer/puppeteer/pull/13196 and
# https://chromium.googlesource.com/chromium/src/+/main/docs/security/apparmor-userns-restrictions.md.
- name: Disable AppArmor
run: echo 0 | sudo tee /proc/sys/kernel/apparmor_restrict_unprivileged_userns
- name: Setup Bazel
uses: angular/dev-infra/github-actions/bazel/setup@1f047e7dbae43ea969c2cafb53b33207e86b800f
- name: Setup Bazel RBE
uses: angular/dev-infra/github-actions/bazel/configure-remote@1f047e7dbae43ea969c2cafb53b33207e86b800f
- name: Install node modules
run: pnpm install --frozen-lockfile
- name: Build and Verify Release Output
run: pnpm build-and-check-release-output
- name: Verify tooling setup
run: pnpm check-tooling-setup
- name: Deploy the docs app
run: pnpm ci-push-deploy-docs-app
env:
CIRCLE_BRANCH: ${{ github.ref_name }}
CIRCLE_SHA1: ${{ github.sha }}
DOCS_SITE_GCP_SERVICE_KEY: ${{ secrets.DOCS_SITE_GCP_SERVICE_KEY }}
DOCS_DEPLOY_GITHUB_TOKEN: ${{ secrets.DOCS_DEPLOY_GITHUB_TOKEN }}
- uses: ./.github/actions/slack
if: failure()
with:
JOB_NAME: 'Docs site deployment'
SLACK_BOT_TOKEN: ${{ secrets.ANGULAR_ROBOT_SLACK_TOKEN }}
browserstack:
runs-on: ubuntu-latest
env:
CI_NODE_INDEX: 0
CI_NODE_TOTAL: 1
CI_RUNNER_NUMBER: ${{ github.run_id }}
steps:
- name: Initialize environment
uses: angular/dev-infra/github-actions/npm/checkout-and-setup-node@1f047e7dbae43ea969c2cafb53b33207e86b800f
with:
cache-node-modules: true
- name: Install node modules
run: pnpm install --frozen-lockfile
- name: Setup Bazel
uses: angular/dev-infra/github-actions/bazel/setup@1f047e7dbae43ea969c2cafb53b33207e86b800f
- name: Setup Browserstack Variables
uses: angular/dev-infra/github-actions/browserstack@1f047e7dbae43ea969c2cafb53b33207e86b800f
- name: Run tests on Browserstack
run: ./scripts/circleci/run-browserstack-tests.sh